diff --git a/lib/core/common.py b/lib/core/common.py
index 5825f0a59..ca7ea5431 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2768,7 +2768,7 @@ def maskSensitiveData(msg):
retVal = msg
- for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "aCred", "pCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
+ for item in filter(None, map(lambda x: conf.get(x), ("hostname", "googleDork", "authCred", "proxyCred", "tbl", "db", "col", "user", "cookie", "proxy"))):
regex = SENSITIVE_DATA_REGEX % re.sub("(\W)", r"\\\1", item)
while extractRegexResult(regex, retVal):
value = extractRegexResult(regex, retVal)
diff --git a/lib/core/option.py b/lib/core/option.py
index 32c5d9f9f..a105296df 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -180,7 +180,7 @@ def _urllib2Opener():
if conf.proxy:
warnMsg += "with HTTP(s) proxy"
logger.warn(warnMsg)
- elif conf.aType:
+ elif conf.authType:
warnMsg += "with authentication methods"
logger.warn(warnMsg)
else:
@@ -1011,8 +1011,8 @@ def _setHTTPProxy():
errMsg = "proxy value must be in format '(%s)://url:port'" % "|".join(_[0].lower() for _ in getPublicTypeMembers(PROXY_TYPE))
raise SqlmapSyntaxException(errMsg)
- if conf.pCred:
- _ = re.search("^(.*?):(.*?)$", conf.pCred)
+ if conf.proxyCred:
+ _ = re.search("^(.*?):(.*?)$", conf.proxyCred)
if not _:
errMsg = "Proxy authentication credentials "
errMsg += "value must be in format username:password"
@@ -1025,9 +1025,9 @@ def _setHTTPProxy():
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5 if scheme == PROXY_TYPE.SOCKS5 else socks.PROXY_TYPE_SOCKS4, hostname, port, username=username, password=password)
socks.wrapmodule(urllib2)
else:
- if conf.pCred:
+ if conf.proxyCred:
# Reference: http://stackoverflow.com/questions/34079/how-to-specify-an-authenticated-proxy-for-a-python-http-connection
- proxyString = "%s@" % conf.pCred
+ proxyString = "%s@" % conf.proxyCred
else:
proxyString = ""
@@ -1097,24 +1097,24 @@ def _setHTTPAuthentication():
global authHandler
- if not conf.aType and not conf.aCred and not conf.aCert:
+ if not conf.authType and not conf.authCred and not conf.authCert:
return
- elif conf.aType and not conf.aCred and not conf.aCert:
+ elif conf.authType and not conf.authCred and not conf.authCert:
errMsg = "you specified the HTTP authentication type, but "
errMsg += "did not provide the credentials"
raise SqlmapSyntaxException(errMsg)
- elif not conf.aType and conf.aCred:
+ elif not conf.authType and conf.authCred:
errMsg = "you specified the HTTP authentication credentials, "
errMsg += "but did not provide the type"
raise SqlmapSyntaxException(errMsg)
- if not conf.aCert:
+ if not conf.authCert:
debugMsg = "setting the HTTP authentication type and credentials"
logger.debug(debugMsg)
- aTypeLower = conf.aType.lower()
+ aTypeLower = conf.authType.lower()
if aTypeLower not in (AUTH_TYPE.BASIC, AUTH_TYPE.DIGEST, AUTH_TYPE.NTLM, AUTH_TYPE.CERT):
errMsg = "HTTP authentication type value must be "
@@ -1133,7 +1133,7 @@ def _setHTTPAuthentication():
errMsg += "usage of option `--auth-cert`"
raise SqlmapSyntaxException(errMsg)
- aCredRegExp = re.search(regExp, conf.aCred)
+ aCredRegExp = re.search(regExp, conf.authCred)
if not aCredRegExp:
raise SqlmapSyntaxException(errMsg)
@@ -1165,7 +1165,7 @@ def _setHTTPAuthentication():
debugMsg = "setting the HTTP(s) authentication certificate"
logger.debug(debugMsg)
- aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
+ aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.authCert)
if not aCertRegExp:
errMsg = "HTTP authentication certificate option "
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 8671c6f82..055fab75d 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -33,11 +33,12 @@ optDict = {
"host": "string",
"referer": "string",
"headers": "string",
- "aType": "string",
- "aCred": "string",
- "aCert": "string",
+ "authType": "string",
+ "authCred": "string",
+ "authCert": "string",
"proxy": "string",
- "pCred": "string",
+ "proxyCred": "string",
+ "proxyFile": "string",
"ignoreProxy": "boolean",
"tor": "boolean",
"torPort": "integer",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index 35d8a0d0a..b74d66189 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -108,25 +108,28 @@ def cmdLineParser():
request.add_option("--headers", dest="headers",
help="Extra headers (e.g. \"Accept-Language: fr\\nETag: 123\")")
- request.add_option("--auth-type", dest="aType",
+ request.add_option("--auth-type", dest="authType",
help="HTTP authentication type "
"(Basic, Digest, NTLM or Cert)")
- request.add_option("--auth-cred", dest="aCred",
+ request.add_option("--auth-cred", dest="authCred",
help="HTTP authentication credentials "
"(name:password)")
- request.add_option("--auth-cert", dest="aCert",
+ request.add_option("--auth-cert", dest="authCert",
help="HTTP authentication certificate ("
"key_file,cert_file)")
request.add_option("--proxy", dest="proxy",
help="Use a proxy to connect to the target URL")
- request.add_option("--proxy-cred", dest="pCred",
+ request.add_option("--proxy-cred", dest="proxyCred",
help="Proxy authentication credentials "
"(name:password)")
+ request.add_option("--proxy-file", dest="proxyFile",
+ help="Load proxy list from a file")
+
request.add_option("--ignore-proxy", dest="ignoreProxy", action="store_true",
help="Ignore system default proxy settings")
diff --git a/lib/request/connect.py b/lib/request/connect.py
index d7b135836..63602a83b 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -372,7 +372,7 @@ class Connect(object):
conn = urllib2.urlopen(req)
- if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.aType == AUTH_TYPE.BASIC:
+ if not kb.authHeader and getRequestHeader(req, HTTP_HEADER.AUTHORIZATION) and conf.authType == AUTH_TYPE.BASIC:
kb.authHeader = getRequestHeader(req, HTTP_HEADER.AUTHORIZATION)
if not kb.proxyAuthHeader and getRequestHeader(req, HTTP_HEADER.PROXY_AUTHORIZATION):
diff --git a/sqlmap.conf b/sqlmap.conf
index 2617fdd72..9636e3af5 100644
--- a/sqlmap.conf
+++ b/sqlmap.conf
@@ -18,6 +18,9 @@ url =
# 'conversations/' folder path
logFile =
+# Scan multiple targets enlisted in a given textual file
+bulkFile =
+
# Load HTTP request from a file
# Example (file content): POST /login.jsp HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/4.0\n\nuserid=joe&password=guessme
requestFile =
@@ -76,17 +79,17 @@ headers = Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9
# HTTP Authentication type. Useful only if the target URL requires
# HTTP Basic, Digest or NTLM authentication and you have such data.
# Valid: Basic, Digest, NTLM or Cert
-aType =
+authType =
# HTTP authentication credentials. Useful only if the target URL requires
# HTTP Basic, Digest or NTLM authentication and you have such data.
# Syntax: username:password
-aCred =
+authCred =
# HTTP Authentication certificate. Useful only if the target URL requires
# logon certificate and you have such data.
# Syntax: key_file,cert_file
-aCert =
+authCert =
# Use a proxy to connect to the target URL.
# Syntax: http://address:port
@@ -95,7 +98,10 @@ proxy =
# Proxy authentication credentials. Useful only if the proxy requires
# Basic or Digest authentication and you have such data.
# Syntax: username:password
-pCred =
+proxyCred =
+
+# Load proxy list from a file
+proxyFile =
# Ignore system default proxy settings.
# Valid: True or False
diff --git a/xml/livetests.xml b/xml/livetests.xml
index 32d840e91..710fa95b9 100644
--- a/xml/livetests.xml
+++ b/xml/livetests.xml
@@ -3423,8 +3423,8 @@
-
-
+
+
@@ -3435,8 +3435,8 @@
-
-
+
+